Michael Epps Utley {kind=image/jpg}
In our most recent look at SEO best practices, we explored the many benefits of setting up a secure sockets layer (SSL Certificate) for improved website security. Depending on your hosting plan/platform and your website architecture, you may need to take additional steps to redirect all traffic to HTTPS:// instead of HTTP://.
For our how-to, we’ll use GoDaddy instructions as a guide since they are a common website hosting platform. If we don’t cover your questions in this post, checking server documentation can help you know how to redirect traffic to HTTPS://. Your hosting tech support team, your web developer, or your performance marketing agency are also good resources if you have questions along the way.
Note: GoDaddy automatically redirects all traffic to HTTPS:// if you have completed an SSL certificate installation on a Managed WordPress account. Otherwise, try the following steps, depending on your site setup.
How to Redirect cPanel to HTTPS://
For cPanel, modifying your .htaccess file will redirect links to HTTPS://. Here’s how to do that.
Go to your GoDaddy product page.
- Under Web Hosting, next to the Linux Hosting account you want to use, click Manage.
- In the account Dashboard, click File Manager.
- In the cPanel File Manager, click Settings.
Make sure that Show Hidden Files (dotfiles) is checked, and click Save.
Click on public_html, and open your .htaccess if you already have one. If not, click File+, name the file .htaccess, and click Create New File.
Select the .htaccess file, and click Edit.
- If you just created your .htaccess file, use the following code to set up the URL redirect to the HTTPS version of your website:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?coolexample\.com
RewriteRule ^(.*)$ https://www.coolexample.com/...;1 [R,L]
Note: If your .htaccess file already exists in your hosting account, do not duplicate ReWriteEngine On. Insert the lines that begin with ReWriteCond and RewriteRule directly after the already existing ReWriteEngine On.
How to Redirect Linux Hosted WordPress Sites to HTTPS://
For WordPress sites with Linux hosting, take the following steps to change your .htaccess file so that your website redirects all pages to secure URLs.
Log into your WordPress Dashboard.Hover over Settings on the left navigation panel, then click General.
- Locate the following fields on the new page:
WordPress Address (URL)
Site Address (URL)
- In each field, update your URLs to include https instead of http.
For example, http://coolexample.com would become https://coolexample.com.
- Scroll down to the bottom of the page and click Save Changes.
- Open your current .htaccess file in the /public_html/ folder with the cPanel file manager for editing. If you don't already have a .htaccess file, you'll need to create one.
- Insert the following code at the top of your .htaccess file:
# BEGIN GD-SSL
<<span/>IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_USER_AGENT} ^(.+)$
RewriteCond %{SERVER_NAME} ^coolexample\.com$ [OR]
RewriteCond %{SERVER_NAME} ^www\.coolexample\.com$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Header add Strict-Transport-Security "max-age=300"
<<span/>/IfModule>
# END GD-SSL
# BEGIN WordPress
<<span/>IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
<<span/>/IfModule>
# END WordPress
Don't Forget: Click Save Changes at the top-right corner of the screen before navigating off the page. (Source: GoDaddy)
Setting Up HTTPS Redirects in Windows/Plesk
If you have a Windows-based hosting account, you’ll be making changes to your web.config file instead of .htaccess. Using the following code in your web.config file automatically redirects visitors to the HTTPS version of your site:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Redirecting a WordPress Site to HTTPS for Plesk Hosting
For WordPress sites with Plesk hosting, complete the following changes to your web.config file:
- Log in to your WordPress admin panel.
- Click Settings and then General.
- Change your WordPress URL and Site URL from http://coolexample.com to https://coolexample.com and click Save Changes.
- Create a web.config file in your httpdocs folder
- Insert the code listed below into your web.config file and save the file.
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
<rule name="Main Rule" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="index.php/{R:0}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
How and When to Check for HTTPS Redirects
We recommend checking for HTTPS redirects if you’ve recently made changes to your website domain, subdomains, or Content Management System (CMS).
If you have new hosting or have just migrated a lot of content, it’s worth double-checking your entire site is secure. Doing regular site audits and monitoring your analytics daxshboards can also alert you to any security issues right away, so check that data regularly and respond to any alerts for best results.
